Posted on May 6, 2010 in Anomos by Rich 8 Comments »

There’s been a bit of hubbub in the geek media in the past few days about the dangers of using BitTorrent over Tor. This isn’t news to us here at ALE, but it’s come as a bit of an eyeopener to a lot of people. The TOR blog has written up a pretty good analysis about the problem called BitTorrent Over Tor Isn’t a Good Idea. In the comments, there are some kind words about Anomos. Unfortunately, there is a common misconception I’d like to dispel here: Anomos does NOT require that the tracker know your IP! You can be entirely anonymous while downloading and uploading over Anomos. I’ll explain.

Now normally when you connect, it looks like this:

In this case, yes, the tracker knows your IP, but other members in the network know nothing about your data transfers.

But, because Anomos announce requests to the tracker are done with HTTPS, you can also do this over Tor/Privoxy, like so:

In this case, the tracker has no idea who you are. First of all, this is hard to set up. It means installing additional software and fiddling with proxy settings, which is just too complicated for most users and goes against the Anomos philosophy of usable privacy. There are downsides to this – you will not be assigned to other peers in the network, you will only be able to connect out to peers, and not the other way around (this is the same effect as peers who don’t forward their ports.) This has a damaging affect on the network.

When all peers are reachable (the optimal scenario) – the graph of connectivity looks like this (where blue peers are connectable, and yellow ones aren’t):

And when 90% of peers are behind Tor, or aren’t forwarding their ports, the network looks like this:

He looks happy, but he’s not, because this means that there aren’t as many paths for file transfer to take, so the central peers will be overloaded and the network will become congested and slow. If every single person does this, nobody will be able to connect to each other, so it won’t work at all!

Anomos is designed with the assumption that at least some peers are only concerned about their neighbours spying on them, and that they trust the tracker enough to connect to it. However, those with more serious privacy concerns will be able to share files totally anonymously. This doesn’t only work with Tor, it will work with any proxy or anonymity network, like I2P. Some day, we’d like to distribute Anomos and Tor bundled together and configured for totally anonymous transfers right out of the box. For now, you’ll have to install Tor and Privoxy separately, then change the proxy settings on your own.

I hope this clears things up for everybody!